Cyber operations – or to use the pervasive but sometimes misleading phrase, “cyber attacks” – are becoming increasingly frequent across the world. The UK is not immune to this, with criminal activity, such as ransomware campaigns – as well as competition between states – posing various threats to the digital economy and international security. The new National Cyber Force (NCF) is part of the UK’s answer to these problems, consolidating its “offensive” forces in cyberspace.
What is the NCF? Does it mean that the UK is scrapping all its tanks and replacing them with popular culture’s hoody-wearing teenage hackers? No, but there are still significant changes ahead, including a transformation in force structure, dealing with legacy capabilities, and embracing new and emerging technologies. The government’s ambition is for a smaller but more capable Armed Forces, enabling Britain to play a leading, post-Brexit role in global strategic competition.
In our new report, co-authored with Amy Ertan and Dr Tim Stevens, we argue that the success of the NCF will be determined by the quality of the leadership, strategy, structures and processes that shape its growth and operational use. The expansion of the UK’s investment in offensive cyber operations creates new opportunities, but also raises key ethical and strategic dilemmas that are yet to be straightened out.
The emphasis on technology – and the NCF specifically – in the UK government’s recent Integrated Review of Security, Defence, Development and Foreign Policy, indicates the extent to which the government sees cyber capabilities as a major part of its defence and security ambitions.
As the former chief executive of the National Cyber Security Centre, Ciaran Martin, argued in a speech at King’s however, the most important dimension of the response to cyber threats is the improvement of cybersecurity and resilience. Much of that work will not be led by – or even involve – the UK’s defence, intelligence and security communities. But cyberspace is a domain of constant competition between states and of damaging and destructive activities conducted by terrorists and criminals. To counter its adversaries in cyberspace, the UK needs the capabilities to act decisively – wherever possible with allies, but when necessary alone.
Decisions made now will shape the nature, number, intensity and tempo of operations conducted by the NCF over the next decade, as it grows to reach its full-strength target of 3000 personnel by 2030. Will the NCF focus on countering state threats, trying to make cyberspace a less hospitable operating environment for adversaries such as Russia, China, Iran and North Korea? Or might it focus instead on pursuing cybercriminals and terrorists? Or developing military cyber capabilities to be used as part of integrated operations?
There are several possible missions for the NCF, and the government needs to prioritise between them. Of course, the UK does not operate in isolation; its strategy is international by design. The NCF will collaborate closely with allies such as US Cyber Command. As with the longstanding Five Eyes intelligence partnership, there are likely to be areas in which the UK can make a positive contribution to allied offensive cyber operations. The UK government has also repeatedly emphasised its commitment to contribute cyber capabilities within the NATO alliance. There will, however, be a balance to strike between what can be done with allies and retaining sovereign capabilities.
In our report, we argue that some balance of persistent counter-cyber operations and supporting military operations is arguably the best – and least controversial – use of the NCF. We also argue for more active and structured coordination and leadership of cyber strategy from the centre of government. The future of UK offensive cyber should be decided holistically by ministers, not by competition between the NCF’s constituent departments.
We propose that a new post, a deputy National Security Adviser for Cyber, should be created to lead strategic coordination from the Cabinet Office. The relevant ministerial group for making decisions about cyber strategy should be appropriately supported by a central unit headed by the new cyber deputy. And the government should consider streamlining ministerial portfolios, including the creation of dual- or even triple-hatted ministers, so that a smaller number of ministers have more substantive cyber responsibilities, less constrained by traditional departmental siloes.
The Integrated Review clearly recognised the need for a more structured and coherent approach, referring to a “whole-of-cyber” approach to cyber strategy. With the prominence of the NCF as the newest kid on the block, we expect the next iteration of national cyber strategy later this year to place greater emphasis on the role of offensive cyber than previous iterations in 2011 and 2016. By 2030, the NCF will be a bigger and more established institutional actor and a player in its own right in the cross-Whitehall process for shaping cyber strategy.
The centre of government needs to take cyber seriously, as an active manager and honest broker, ensuring a well-calibrated balance between the different aspects and actors in national cyber strategy. The UK will only get the cyber force it needs if the government makes the right strategic assumptions and draws effectively on expertise from outside of government. We publish our report today as a contribution to the emerging public policy debate we need to have about Britain’s strategic options in cyberspace.
About the authors
Dr Joe Devanny is a Lecturer in National Security Studies and deputy director of the Centre for Defence Studies in the Department of War Studies (King’s College London).
Dr Andrew Dwyer is an Addison Wheeler Research Fellow in the Department of Geography (Durham University) and co-director of the UK Offensive Cyber Working Group.
Joe Devanny and Andrew Dwyer are co-authors, with Amy Ertan (Royal Holloway) and Dr Tim Stevens (KCL), of a new report into the role of offensive cyber operations in UK strategy.
A panel discussion and Q&A to discuss this report will be held live online on Tuesday 4 May. It will be chaired by Professor Lady Moira Andrews (KCL). The panel will include the report’s co-authors and invited guests including Marcus Willett CB OBE (Senior Cyber Adviser at the International Institute for Strategic Studies, GCHQ’s first Director Cyber and former deputy head). Sign up for the event here.